Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

query Windows 2003 account status

Posted on 2011-09-19
7
Medium Priority
?
270 Views
Last Modified: 2012-05-12
I have a txt file which lists about 300 entries of samids.  Is there a way I can display the status of the samid (Active or Disable) and the samid itself?

We have WIN2003 AD environment.

Many Thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 10

Accepted Solution

by:
SuperTaco earned 600 total points
ID: 36563981
this will give you a listing of al disbled user account in AD

On Error Resume Next

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
    "<LDAP://dc=fabrikam,dc=com>;(&(objectCategory=User)" & _
        "(userAccountControl:1.2.840.113556.1.4.803:=2));Name;Subtree"  
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("Name").Value
    objRecordSet.MoveNext
Loop


Just be sure to change the Domain  in the script
0
 

Author Comment

by:nav2567
ID: 36564039
Thanks.  

Can the above display a list of samids?

I am not good at VB.  Do you know how to put them together using dsquery & dsget?  I tried but not successful.
0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36564054
try this;

dsquery user -disabled -limit 0 | dsget user -samid > c:\disabledusers.txt
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 10

Expert Comment

by:SuperTaco
ID: 36564063
For active users only try

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"  > c:\domainusers.txt

copy and past this to a notepad first to take out the wraparound
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 450 total points
ID: 36565635
Use this simple syntax in a batch file on a DC or any workstation with Administrative Tools installed.

Sample batch file

@echo off

for /f %%i in (text-file-with-samids.txt) do dsquery user -samid %%i | dsget user -fn -ln -samid -disabled >>c:\users-status.txt

save it in the same location where txt file with users is and run from command-line that batch. You will get on C-Drive text file with results (First Name, Last Name, login and account status)

You can also use for that Quest PowerShell module for AD (if you're interested, let me know)

Regards,
Krzysztof
0
 
LVL 6

Assisted Solution

by:netjgrnaut
netjgrnaut earned 450 total points
ID: 36570010
+1 Krzysztof - go with Quest PowerShell for AD

http://www.quest.com/powershell/activeroles-server.aspx

If you want all the AD users, along with the status, just run

Get-QADUser | select SamAccountName,DisplayName,AccountIsDisabled | ft -auto

Open in new window


If you want to use your text file, write a little PowerShell script like this:

$UserList = gc "C:\somewhere\userlist.txt"
ForEach ($User in $UserList) {
    Get-QADUser -SamAccountName $User | 
    select SamAccountName,DisplayName,AccountIsDisabled | ft -auto
}

Open in new window


The output will be an easy to read table.  If you need output to a CSV or TXT file, let me know!

Hope that helps!



0
 

Author Closing Comment

by:nav2567
ID: 36922131
Thanks a lot everyone.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question